Sections

Wii U: user accesses MiiVerse admin boards, Nintendo responds

Monday, 19th November 2012 13:22 GMT By Dave Cook

Wii U launched across America at the weekend, and a gamer has already found a rather significant security flaw in Nintendo’s MiiVerse service, giving him admin access to social post threads, and unearthing what was presumed to be threads dedicated to unannounced Wii U titles. Nintendo has since stepped in to claim the content was merely a mock-up. Judge for yourself below.

The discovery was made by a NeoGAF user named Trike who claimed he accessed the MiiVerse debug panel by pressing the, “X” button on the gamepad while hovering over the exit button.”

In doing so Trike found himself in the MiiVerse back-end, letting him see pages of comments, user accounts and discussion threads. Among those found were threads titled, ‘Yoshi Land Wii U’, ‘Metal Gear Solid’ and ‘Resident Evil’. Some sites reported these as supposed games, but Nintendo has since stepped in and called them nothing more than mock-ups.

In a statement to GI.biz, Nintendo attempted to clarify the matter, “It has come to our attention that some people were able to access a mock up menu on Miiverse following the launch of Wii U in the US. Please note that this was only a mock up menu and has now been removed and is not accessible.”

The statement made Trike’s access seem trivial, however he also explained that he was given full admin privileges over MiiVerse social posts, which is both potentially disruptive and slightly worrying.

“I thought they were real when I found them,” he said, “because they were posted 20 minutes ago from the time I accessed them. I could flag them for prohibited content, spoilers, and something else that I forget. Then I went to a different link on the debug menu and it showed three different Miiverse subforums I could access that would be coming out on December 20th.

“There were even more subforums for games specifically, including Yoshi’s Island Wii U and Soul Hackers, and less specific ones like “Metal Gear Solid” and “Resident Evils”. By the time I stopped posting on gaf to check for more it was fixed, and someone pointed out that Nintendo put up a tweet about a miiverse fix.”

Such a lapse in security just days after launch doesn’t bode well for Nintendo, and casts early doubt over the Wii U’s attempts to tap into the online mind-set long adopted by rivals Microsoft and Sony.

Does Nintendo have the chops to tussle with PS3 and Xbox 360′s online features? Let us know what you think below.

Check out more of Trike’s shots below.

Breaking news

17 Comments

Sign in to post a comment.

  1. Ireland Michael

    “Such a lapse in security just days after launch doesn’t bode well for Nintendo, and casts early doubt over the Wii U’s attempts to tap into the online mind-set long adopted by rivals Microsoft and Sony.”

    That’s being a tad over-dramatic, surely?

    What is this? Let’s Be Negative Nancies Day? The stuff being posted today is bordering on tabloid journalism.

    #1 1 year ago
  2. SplatteredHouse

    Not in the least is it over-dramatic, while there is a level of trust being placed in that console for financial and social activities. Then the fact that the underlying system is easily exposed to alteration for good or ill, shines a light, surely, on the security and scrutiny of the OS on which WiiU is based. It is foolhardy to overlook false alarms like this, and it would have been poor, had Dave not decided to alert people to a news-worthy occurrence.

    #2 1 year ago
  3. Dave Cook

    @1 & 2 yeah this honestly isn’t good from Nintendo. When a service that holds credit card information is compromised this easy – even if gives people access to payment details or not – consumer confidence will be shaken. It’s not good enough when consumers demand a certain level of security and trust.

    Also, what else has been verging on tabloid journalism? I’m curious man. Not being snarky, I’m genuinely curious.

    #3 1 year ago
  4. Ireland Michael

    @3 It was a temporary error that was fixed almost as soon as it was made aware of. It isn’t indicative of anything, and doesn’t impact 99.99% of the people who will ever use it. It barely even warrants a compromise.

    It’s a mountain out of a molehill. This isn’t nearly half as bad as… oh, I don’t know…. Sony’s entire online network being compromised for months.

    “Also, what else has been verging on tabloid journalism? I’m curious man. Not being snarky, I’m genuinely curious.”

    People are spending all their time trying to find whatever they can to complain about instead of talking about the hardware and software itself, it’s design, what it does and doesn’t do well. I still no next to nothing about the device’s dashboard.

    I’m not talking about just here, but the news in general. Console bricking and temporary bugs are part and parcel of every console launch. I’ve yet to see a single one that went off without a hitch. People are acting like Nintendo is the only company that this sort of thing has ever happened with.

    #4 1 year ago
  5. Dave Cook

    @4 I agree man seriously I do, but it’s the public perceptiont hat will get people worried. From a technical stand point it’s a minor issue, but from a PR/image perspective folk aren’t happy about this. They like to feel secure surely?

    I don’t know, maybe I’m wrong, but I’ve seen a lot of people who are worried about this one on comment threads, Twitter and such.

    #5 1 year ago
  6. zinc

    The problem here is that when, for example, someone attempted to hack PSN, it’s was a dedicated effort…

    This was just some guy, pressing the wrong button, by accident. I wonder what other little quirks the WiiU system has? If you play a game after midnight, will it turn into a Gremlin?

    #6 1 year ago
  7. Dave Cook

    @6 It’s actually Optimus Prime if you press the right button combo. But Michael Bay’s Prime, not the G1 version.

    #7 1 year ago
  8. lexph3re

    If you want dashboard impressions go to youtube. This is media news it’s suppose to talk about things like this. Didn’t you get the memo on what the journalist do?

    I think this was interesting seeing how this is Nintendos first effort at a dedicated online service. And, much like PSN or XBL(on xbox) you are going to wonder how well it does on it’s infancy.

    This was a vulnerability, not a Hack/Phishing scam/Exploit. It was pretty much left completely open internally. That’s why news like this is interesting and worth addressing. Thanks Dave for giving it full light and opening a good discussion starter.

    #8 1 year ago
  9. Dave Cook

    @8 Cheers, and thanks for reading :)

    #9 1 year ago
  10. Ireland Michael

    @8 The Wii had an online infrastructure with messaging, online gaming, a marketplace, and the ability to access numerous third party services like Netflix. So no, it isn’t even close to their first attempt at an online service. It may not have been half as robust on the Wii, but this isn’t even close to their first. Even the DS-I could do most of that stuff.

    #10 1 year ago
  11. lexph3re

    When it comes to a full media integration, having a well connected service this would definitely be considered a first time. The Wii’s online integration was a joke barely out the womb. That’s why I said in it’s … Infancy.

    #11 1 year ago
  12. SplatteredHouse

    Although, last time Nintendo distanced themselves from competition with other platforms. The Wii did not have a dedicated online service, ala an XbL, or PSN. The NEN is more than just a selection of games with online functionality.

    NEN is Nintendo’s come out swinging first bat at integrating online into their strategy. To appeal to, and enable a connected audience.
    The Wii online platform was insular even compared to XBL, stunted in reach and functionality and it was more like a barricaded fort than any sort of garden. It could not compete with other companies’ examples – wasn’t intended to, maybe. But it reasonably competently (if not conveniently) served a limited purpose.

    #12 1 year ago
  13. zinc

    @7, Really!? *Grabs wallet*

    I actually prefer Michael Bays Optimus Prime ;-)

    #13 1 year ago
  14. ManuOtaku

    I dont own yet the WiiU, so it is difficult to assert the situation with an opinion, but for what i understand the Miiverse is not their entire online service, is only the application that lets people interact with each other under their online service, therefore if the application did have something that allowed a user to be like a moderator under that specific application, is not like the whole system is open for other activities, but i can be wrong because i dont have any hands down with the console, though.

    #14 1 year ago
  15. Ireland Michael

    @11, 12 The point, he said it was their first attempt.

    It isn’t.

    #15 1 year ago
  16. SplatteredHouse

    @14 from seedlings grow forests. Additionally, a lot of harm and mischief could have been caused to people’s experience and reaction with their new console, if the person who discovered the exploit was not so well intentioned, which would harm Nintendo all the worse than an article and discussion around a benign situation that occurred to one user’s surprise.

    But, of course, it is mere coincidence that Call of Duty games servers became poisoned after the one person discovered ways to exploit and told others?

    #16 1 year ago
  17. ManuOtaku

    #16 i agree with the perception thing and the possibilities of the exploit, thats was one of my main concerns with the PSN thing, and it is with this one, i just wanted to stated that, for what i do know, which is not much by the way, it is not the whole online service just Miiverse,therefore the damages should occur under that application, not the whole online service.

    I dont know which is more shocking the notion that a multiplayer game is hacked, or the notion that gamers play COD multiplayer on a Nintendo console, well the former is not a shock, the later it is :)

    #17 1 year ago